Make sudo/gksudo remember passwords January 25, 2006

I use sudo and gksudo quite often. Now, if you use sudo in a terminal window, then you only have to enter the password the first time. But what if you have more than one terminal window, and try to use a sudo command in all of them? You will be prompted for your password the first time you use sudo in each terminal window. The same applies for gksudo.

This makes sense for a computer that is acting as a server. If you are logged in from multiple locations, and you enter the password for sudo in your current location, all the other locations are still “safe” since the person using the other terminals will still have to enter the password to use sudo. But when it comes to desktop use, this behaviour can be an annoyance.

I hate being prompted again and again for the sudo password (and the graphical gksudo password). For me, on my laptop, I want the sudo password to be “shared” between the different terminal windows, and with gksudo. It would be nice if the timestamp on the password was “global” to all terminals, and all the “gksudo” menu entries.

I ensure this by changing the following line in /etc/sudoers:Defaults !lecture,tty_tickets,!fqdn

toDefaults !lecture,!tty_tickets,!fqdn

Here, tty_tickets refers to “terminal tickets”, and I just changed it from using one ticket per terminal, to a common ticket, globally.

Again, this is not recommended for server installs, but may make life a little easier for average Joe Desktop Users.

I’m not sure how secure this is. I’m already not confortable with sudo remembering the password…
Imagine some malware that uses sudo to get root privileges. if sudo remembers the pass, it wont ask for it and the malware will get the permissions right aware. than, you’re pretty much screwed.

Root concept for desktop users should not be in the focus of security discussions. System configuration data is wrecked by automatic updates every two or three weeks in ubuntu, so the occasional user error will only be a drop in the bucket.
Furthermore, user data stored in HOME should be protected a lot better than the rest of the system for user privacy issues. It isn’t the sixties anymore, unix is used as a home computing OS nowadays.

@randomwalker You don’t seem to have understood. If I gain access to ‘the stuff in /’, then I have elevated privileges, very likely root. That gives me access to your files in $HOME, and much worse, it also enables me to install Trojaned executables that log your passwords and send them to a dead-drop in Albania that I monitor via my botnet.
Please, please mantain your current attitude. I need more zombie machines for folding@home. The world thanks you for your ignorance!

Thanks man very useful this trick! i have desktop machine and it was very irritant to write and fucking rewrite the same passwd all the fucking time. Debian do the things like this post say “just one time passwd ;rememnber && fuck-off until people logout.” sorry my English.